Professional Documents
Culture Documents
A Risk-Based
Risk Based Approach to
Compliant GxP
Computerized Systems
Stephen Shields
10 September 2013
ASQ Orange
O
Section
S ti Meeting
M ti Part
P t1
Disclaimer
Agenda
Overview
Life Cycle Approach
Life Cycle Phases
Concept
Project
Software Category and Life Cycle Approach
Purpose
Computerized systems are fit for intended use
Compliant with applicable regulations
Science based q
quality
y risk management
g
Regulated company activities:
Governance for achieving compliance
System specific activities
Supplier activities
Efficiency improvements
Key Concepts
Computerized System
PIC/S Good Practices for Computerised Systems in Regulated GXP Environments (PI 011)
11
ASTM E2500-07 Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment,
12
Concept Phase
Strategic Planning
Need Identification
Business Justification
Compliance Justification
Migration Need
Technical Feasibility
Management Commitment
User Requirement Initiation
Project Initiation
13
Verification
Reporting and Release
Release
Supporting Processes
Risk Management Change & Configuration Management Design Reviews Document Control Traceability
14
15
Planning Stage
A clear and complete understanding of User Requirements is needed
Planning should cover all required activities, responsibilities, procedures,
and timelines
Activities should be scaled according to:
system impact on patient safety, product quality, and data integrity (risk assessment)
system complexity and novelty (architecture and categorization of system components)
outcome off supplier
li assessment ((supplier
li capability)
bili )
16
17
Verification Stage
Verification confirms that specifications have been met
Verification activities occur throughout the project stages
Design Reviews
Testing
T i
18
19
Supporting Processes
Risk Management
Change and Configuration Management
Design Review
Traceability
Document Management
20
Software Categories
Category 1 Infrastructure Software
Established or commercially available layered software
Infrastructure software tools
Category 3 Non-Configured
Non Configured Products
Commercial-Off-The-Shelf (COTS) system that cannot be configured to conform to business
processes or are configurable but only the default configuration is used.
21
Typical Examples
Operating Systems
Database Engines
Software used to
Middleware
manage the operating Programming Languages
environment
Statistical Packages
Spreadsheet Application
Network Monitoring Tools
Scheduling Tools
Version Control Tools
Typical Approach
Record version number,
verify correct installation
by following approved
installation procedures
22
Typical Examples
Run-time parameters
Firmware-base Apps
may be entered and
COTS Software
stored, but the software Instruments
cannot be configured to
suit the business
process.
Typical Approach
Abbreviated life cycle
approach.
URS.
Risk-based approach to
supplier assessment.
Record version number,
verify correct installation.
Risk-based tests against
requirements as dictated by
use.
Procedures in place for
maintaining compliance and
23
fitness for intended use.
24
Typical Examples
Typical Approach
LIMS
Data acquisition
systems
SCADA
ERP
MRPII
Clinical Trial
monitoring
DCS
ADR Reporting
EDMS
BMS
CRM
Spreadsheets
Simple HMIs
26
Typical Examples
Typical Approach
Software custom
designed and coded
to suit the business
process.
27
28
Questions?
Stephen Shields
WWQA Director
Computerized System Compliance and Quality
All
Allergan,
IInc.
Shields_Stephen@Allergan.com
714-246-5320
29